samba - Nov 2013 - matching id's for ADC and member server

Hai, 
?
Im bit lost. 
?
I've installed a member server with winbind.? ( samba 4.1.2 (sernet) ) 
the server joined the domain without any problems. 
?
when i type getent passwd on the ADC server, im getting:? ( and is ok )
?
ROTTERDAM\Administrator:*:0:100::/home/users/%U:/bin/bash
ROTTERDAM\Guest:*:3000002:3000003::/home/users/%U:/bin/bash
ROTTERDAM\krbtgt:*:3000020:100::/home/users/%U:/bin/bash
ROTTERDAM\Admin:*:3000021:100:Admin:/home/users/%U:/bin/bash
?
on the member server, also looks ok, but different id's 
ROTTERDAM\administrator:*:70001:70001:Administrator:/home/users/administrator:/bin/bash
ROTTERDAM\guest:*:70002:70002:Guest:/home/users/guest:/bin/bash
ROTTERDAM\admin:*:70003:70001:Admin:/home/users/admin:/bin/bash
?
wbinfo -u 
wbinfo -g
wbinfo -i username 
?
all work fine on both servers.


?
?
2 questions, 
?
how can i match the UserID and GroupIDs between the member and ADC server. 
?
?
And?why do i see this :? 
?
(member server) 
ROTTERDAM\administrator? 
?
(ADC server) 
ROTTERDAM\Administrator
?
small thing but just a question 
?
?
?
On the ADC server i have in smb.conf?:? ( almost all settings ) 
?????? ?server role = active directory domain controller
??????? server services = s3fs rpc nbt wrepl ldap cldap kdc drepl winbind
ntp_signd kcc dnsupdate
??????? idmap_ldb:use rfc2307 = yes
????? ? wins support = yes
??????? template homedir = /home/users/%U
??????? template shell = /bin/bash
?
On the member server i have in smb.conf?:? ( almost all settings ) 
?
?? idmap config ROTTERDAM:backend = ad
?? idmap config ROTTERDAM:schema_mode = rfc2307

?? winbind trusted domains only = no
?? winbind use default domain = yes
?? winbind enum users? = yes
?? winbind enum groups = yes

??? template homedir = /home/users/%U
??? template shell = /bin/bash

where did i go wrong? 
?
Louis
?

On 26/11/13 12:08, L.P.H. van Belle wrote:
> Hai,
>   
> Im bit lost.
>   
> I've installed a member server with winbind.  ( samba 4.1.2 (sernet) )
> the server joined the domain without any problems.
>   
> when i type getent passwd on the ADC server, im getting:  ( and is ok )
>   
> ROTTERDAM\Administrator:*:0:100::/home/users/%U:/bin/bash
> ROTTERDAM\Guest:*:3000002:3000003::/home/users/%U:/bin/bash
> ROTTERDAM\krbtgt:*:3000020:100::/home/users/%U:/bin/bash
> ROTTERDAM\Admin:*:3000021:100:Admin:/home/users/%U:/bin/bash
>   
> on the member server, also looks ok, but different id's
>
ROTTERDAM\administrator:*:70001:70001:Administrator:/home/users/administrator:/bin/bash
> ROTTERDAM\guest:*:70002:70002:Guest:/home/users/guest:/bin/bash
> ROTTERDAM\admin:*:70003:70001:Admin:/home/users/admin:/bin/bash
>   
> wbinfo -u
> wbinfo -g
> wbinfo -i username
>   
> all work fine on both servers.
>
>
>   
>   
> 2 questions,
>   
> how can i match the UserID and GroupIDs between the member and ADC server.
>   
>   
> And why do i see this :
>   
> (member server)
> ROTTERDAM\administrator
>   
> (ADC server)
> ROTTERDAM\Administrator
>   
> small thing but just a question
>   
>   
>   
> On the ADC server i have in smb.conf :  ( almost all settings )
>          server role = active directory domain controller
>          server services = s3fs rpc nbt wrepl ldap cldap kdc drepl winbind
ntp_signd kcc dnsupdate
>          idmap_ldb:use rfc2307 = yes
>          wins support = yes
>          template homedir = /home/users/%U
>          template shell = /bin/bash
>   
> On the member server i have in smb.conf :  ( almost all settings )
>   
>     idmap config ROTTERDAM:backend = ad
>     idmap config ROTTERDAM:schema_mode = rfc2307
>
>     winbind trusted domains only = no
>     winbind use default domain = yes
>     winbind enum users  = yes
>     winbind enum groups = yes
>
>      template homedir = /home/users/%U
>      template shell = /bin/bash
>
> where did i go wrong?
>   
> Louis
>   
>
To get the same uid & gid numbers on the server & clients, you need to 
add uidNumber & gidNumber to each user and group you want to use with unix.

The problem is that S4 winbind != S3 winbind, also I suggest you remove 
the line 'template homedir = /home/users/%U' from the AD DC, no doubt 
you have noticed why.

Rowland